SAINT Security Suite scanner

IBM QRadar collects and imports scan reports from Security Administrator's Integrated Network Tool (SAINT) Security Suite vulnerability appliances by using the SAINT API. SAINT Security Suite scan reports include vulnerability data, MAC addresses, port information, and service information.

To integrate SAINT Security Suite with QRadar, complete the following steps:

From your SAINT Security Suite appliance, obtain and record the SAINT API port number. You need this information when you add a scanner in QRadar. See Obtaining the SAINT API port number
From your SAINT Security Suite appliance, obtain and record the SAINT API token. You need this information when you add a scanner in QRadar. See Obtaining the SAINT API token
From your SAINT Security Suite appliance, configure the SAINT API to send scan reports to QRadar. See Adding a QRadar host to the Allowed API Clients list
Copy the server certificate to support HTTPS connections. See Copy the server certificate
From your QRadar Console, add a SAINT Security Suite vulnerability scanner. See Adding a SAINT Security Suite vulnerability scanner in QRadar
The SAINT Security Suite vulnerability scanner supports the Live Scan and Report Only scan options in QRadar.

Live Scan

If you select this option when you add a SAINT Security Suite scanner in QRadar, QRadar starts a live remote vulnerability scan on the SAINT Scanner. When the scan is complete, QRadar® collects and imports the vulnerability scan report. You might want to select this option if you don't have any existing scans on the SAINT Security Suite appliance.

Report Only

If you select this option when you add a SAINT Security Suite scanner in QRadar, QRadar imports only scan reports for scans that exist on the SAINT Security Suite appliance. You might want to select this option if the SAINT Security Suite appliance has scans that are scheduled to run regularly.
From your QRadar Console, create a scan schedule for the scanner that you added. See Scheduling a vulnerability scan